.jpg)
The Agent Control Standard (ACS) today announced a vendor-agnostic, open standard for governing AI agents at runtime. While the industry has protocols for how agents communicate, no shared framework has existed for controlling what they do once they begin acting inside enterprise environments. The announcement is being made during the AI Agent Security Summit in San Francisco, where security leaders, researchers and AI infrastructure providers are gathering this week.
ACS is an open standard for runtime governance of AI agents, vendor-agnostic under MIT license.
Defines standardized middleware hooks for policy enforcement across agent execution workflows.
Three layers: Instrument (runtime hooks and Guardian Agent pattern), Trace (OpenTelemetry/OCSF extensions), Inspect (Agent Bills of Materials).
Addresses EU AI Act human oversight requirements and NIST AI RMF continuous monitoring.
Current workstreams include identity authentication for AI agents and coding agent extensions.
Contributions sought from platform developers, enterprise security teams, and researchers.
"Governance cannot rely on soft guardrails or wishful system prompts," said Michael Bargury, co-creator of ACS and co-founder and CTO of Zenity. "The industry has standardized how agents communicate, but not the control layer. ACS is intended to help establish a common framework for runtime enforcement, intervention and policy governance across agent ecosystems."
ACS defines standardized middleware hooks that allow agent platforms to expose runtime control points across agent execution workflows. When an agent receives input, calls a tool, transitions from planning to execution, stores a memory, executes code or invokes a sub-agent, ACS fires a hook. Policy enforcement runs inline, evaluating the action and returning a verdict of allow, deny or modify before the action reaches production systems.
ACS is structured around three layers: Instrument defines runtime hooks and the Guardian Agent pattern for inline policy enforcement; Trace extends OpenTelemetry and OCSF with agent-specific semantic conventions; Inspect extends CycloneDX, SPDX, and SWID to produce dynamic Agent Bills of Materials.
The EU AI Act requires demonstrable human oversight of high-risk AI systems, including the ability to intervene in real time. The NIST AI Risk Management Framework calls for continuous monitoring and the capacity to disengage autonomous systems operating outside acceptable parameters. Enterprise compliance mandates are proliferating faster than the tooling to satisfy them.
Every governance framework agrees on what is needed: runtime visibility, intervention capability and auditable controls. None of them specifies the implementation. ACS provides that implementation layer, translating regulatory requirements into concrete technical controls that platforms can expose, developers can configure and security teams can verify.
"How to move ahead with agent security and governance is one of the top strategic concerns for organizations deploying agents," said Fernando Montenegro, vice president and practice lead at Futurum Group. "The Agent Control Standard framework provides direction on how organizations should be instrumenting their agentic workflows and environments to achieve better security and governance outcomes."
Current ACS workstreams include runtime middleware and Guardian Agent enforcement architecture; OpenTelemetry semantic conventions for AI agent tracing; Agent Bill of Materials (AgBOM) extensions for real-time agent inventories; and MCP and A2A protocol integrations.
Additional workstreams are underway. An identity workstream is defining how enterprises authenticate AI agents as non-human actors, including agent identity, ephemeral credentials, and just-in-time access controls. A coding agent workstream is extending ACS to cover IDE-based agents like those used for software development, where the same runtime hooks apply to code generation, file edits, and command execution.
The ACS initiative is currently being coordinated by contributors including Rock Lambros, director of AI standards and governance at Zenity, and Michael Bargury, co-creator of ACS and co-founder and CTO of Zenity.
ACS is actively seeking participation from AI agent platform developers, enterprise security and governance teams, researchers, standards contributors and members of the broader AI and cybersecurity community.
About Agent Control Standard (ACS)
The Agent Control Standard (ACS) is an open standard for runtime governance, enforcement and observability across AI agent systems. ACS defines standardized middleware hooks, runtime policy interfaces and interoperability mechanisms designed to help enterprises govern autonomous AI systems across frameworks and environments. The specification, reference implementations and tooling are open-source and licensed under MIT.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.